Current Behavior
When a vulnerability is suppressed and tied to a specific dependency version, its associated comments and justifications disappear from Dependency-Track once it’s no longer applicable. However, if a similar vulnerability resurfaces due to a minor version change in the same dependency, the previously provided reasoning is not accessible anymore. This forces users to re-investigate and rewrite justifications, even though the root cause and reasoning often remain the same.
Expected Behavior
Proposed Enhancement:
Maintain a history or archive of suppressed vulnerabilities, including their comments and justifications.
Allow users to reference or reuse these comments when a similar vulnerability appears, even if the dependency version is slightly different.
Reduce repetitive effort and ensure consistent decision-making over time by enabling quick access to previously documented rationales.
This feature would significantly streamline the workflow, minimize duplicate work, and preserve valuable institutional knowledge for future reference.
Dependency-Track Version
4.7.x
Dependency-Track Distribution
Container Image, Executable WAR
Database Server
PostgreSQL
Database Server Version
No response
Browser
Google Chrome